All Versions
Latest Version
Avg Release Cycle
45 days
Latest Release
29 days ago

Changelog History
Page 4

  • v1.12.0 Changes

    October 03, 2017
    • ๐Ÿ”’ [SECURITY] Clear expired password reset key for account before retrieving password reset key (chanks, jeremyevans) (#43)

    • โšก๏ธ Update migrations to work with Sequel 5 (jeremyevans)

    • Add require_http_basic_auth configuration method to http_basic_auth feature (jeremyevans) (#41)

    • Support passing :search_path option to Rodauth.create_database_authentication_functions when using PostgreSQL (jeremyevans)

    • Support passing options to Rodauth.{create,drop}_database_previous_password_check_functions (jeremyevans)

    • Support passing options to Rodauth.drop_database_authentication_functions (jeremyevans)

  • v1.11.0 Changes

    April 24, 2017
    • Add login_required_error_status, and use it in the jwt feature when custom error statuses are allowed (jeremyevans)

    • ๐Ÿ”Œ Deal better with time differences between the database and application servers in the password_expiration plugin (jeremyevans)

    • โž• Add rodauth.valid_jwt? method for checking if a valid JWT was submitted with the request (jeremyevans)

  • v1.10.0 Changes

    March 23, 2017
    • โž• Add Internals Guide (jeremyevans)

    • Set FeatureConfiguration instances to constants, just like Feature instances (jeremyevans)

    • ๐Ÿ”ง When reopening rodauth configuration in roda subclass, automatically subclass rodauth configuration so it doesn't modify superclass (jeremyevans)

    • Add verify_login_change feature as an alternative to verify_change_login, where the change doesn't take affect until after verification (jeremyevans) (#31)

    • Add login_failed_reset_password_request_form for customizing the HTML used for the request password request form on login failures (jeremyevans)

    • ๐Ÿ‘‰ Make reset password request form available without requiring a login attempt, and provide a login field in that case (jeremyevans) (#30)

    • ๐Ÿ‘‰ Make resending verify account email request form available without requiring a login/account creation attempt, and provide a login field in that case (jeremyevans) (#30)

    • Fix resending verify account email when attempting to create a new account with same login as unverified account when using verify_account_grace_period feature (jeremyevans) (#30)

    • Fix precompile_rodauth_templates usage with reset_password feature (jeremyevans)

  • v1.9.0 Changes

    February 22, 2017
    • ๐Ÿ‘‰ Make reset-password use existing password reset key if one is present (jeremyevans) (#26)

    • Add Roda.precompile_rodauth_templates method, useful to save memory when forking, or when chrooting (jeremyevans)

  • v1.8.0 Changes

    January 06, 2017
    • Add json_response_custom_error_status? option to jwt feature to use specific 4xx statuses instead of 400 (jeremyevans)

    • ๐Ÿ‘‰ Use 4xx error statuses for errors, instead of using a 200 success status (jeremyevans)

  • v1.7.0 Changes

    November 22, 2016
    • ๐Ÿ‘‰ Make reset password, unlock account, and verify account pages not leak keys to external servers via Referer header (jeremyevans)
  • v1.6.0 Changes

    October 24, 2016
    • Add http_basic_auth feature (TiagoCardoso1983, jeremyevans) (#12)

    • ๐Ÿšš Move login hooks from login feature to base, to be usable by other features (jeremyevans)

    • ๐Ÿ‘‰ Make reset_password feature not attempt to render a template in json-only mode (jeremyevans) (#11)

    • ๐Ÿ“ Memoize jwt_payload in jwt feature, as it may be called more than once (mwpastore) (#10)

    • Add jwt_decode_opts configuration method to jwt feature, for specifying options to JWT.decode, allowing for JWT claim verification (mwpastore, jeremyevans) (#9)

    • Add jwt_session_hash configuration method to jwt feature, for modifying the session information stored in the JWT hash, allowing for setting JWT claims (mwpastore, jeremyevans) (#9)

    • Add jwt_session_key configuration method to jwt feature, for nesting the session under a key in the JWT, avoiding reserve claim names (mwpastore, jeremyevans) (#9)

    • Add jwt_symbolize_deeply? configuration method to jwt feature, for symbolizing nested keys in session hash when using JWT (mwpastore) (#9)

  • v1.5.0 Changes

    September 22, 2016
    • ๐Ÿ‘ป Return error instead of raising exception in the jwt feature if an invalid jwt format is submitted in the Authorization header (jeremyevans)

    • Add jwt_authorization_remove configuration method to jwt feature, for regexp to remove from Authorization header before JWT processing (jeremyevans)

    • Add jwt_authorization_ignore configuration method to jwt feature, for regexp to skip processing of JWTs in Authorization header (jeremyevans)

    • Add json_accept_regexp configuration method to jwt feature, for the regexp used to match against the Accept header (jeremyevans)

    • โž• Add use_jwt? configuration method to jwt feature, for whether to use the JWT token or rack session for authentication information (jeremyevans)

    • Add jwt_check_accept? configuration method to jwt feature, to return 406 error if Accept header is present and json is not accepted (jeremyevans)

    • Add json_response_content_type configuration method to jwt feature, for the content type to set for json responses, default to application/json (jeremyevans)

    • Add json_request_content_type_regexp configuration method to the jwt feature, for the regexp that recognize a request as a json request (jeremyevans)

    • โž• Add session_jwt method to the jwt feature, which returns a string for the encoded JWT for the current session (jeremyevans)

    • If the only_json? setting is true, return a 400 error if the request content type to a rodauth endpoint is not json (jeremyevans)

    • 0๏ธโƒฃ The only_json? setting in the jwt feature is now only true by default if :json=>:only plugin option was used (jeremyevans)

    • Don't have jwt feature break if HTTP Basic/Digest authentication is used (jeremyevans)

    • โž• Add template_opts configuration method, for overriding view/method options (jeremyevans)

  • v1.4.0 Changes

    August 18, 2016
    • Add update_password_hash feature, for updating the password hash when the hash cost changes (jeremyevans)
  • v1.3.0 Changes

    July 19, 2016
    • Add login_maximum_length, defaulting to 255 (jeremyevans)